From: Tim (pand0ra.usa@gmail.com)
Date: Fri Jan 20 2006 - 02:11:46 EST
Oooo.... here we go again!
In my experience passphrases are going to be much more secure. BUTmany applications (custom and commercial), outside of MicrosoftWindows, are written to only accept up to 14 characters. MS Windowscan accept a passphrase up to 127 characters. For the most part bruteforce cracking is dying and being replaced with rainbowcrack(http://www.antsight.com/zsl/rainbowcrack/). I have a full set (44GB)of the LanMan tables (rainbowtables.shmoo.com/) and I can blastthrough in about 10-20 minutes. Currently I am building the NTLM (thenMD5 after that) tables but only up to 8 characters as I probably don'thave the disk space for anything bigger. So, if you are securityconscious and have disabled LanMan from being stored or transmittedand _all_ of your users have 9 character passwords or passphrases,IMHO it will be very tough to recover any passwords. Some peoplerecommend that you use an alt ascii character in the password but Ithink it is impratical to ask users to do that. I can already picture60 users with the password bl
ink(alt-182).
Here is a paper I researched on Windows LanMan I welcome anyconstructive feedback.
Windows LanMan Challenge/Response Based Network Authentication Protocol
There is a lot of information out there on the pitfalls of Microsoft'simplementation of LanMan. What I am going to do is go into as muchdetail of the problem as I can and give workarounds to help mitigatethe vulnerability. As we know, most networks revolve around usingpasswords for authentication and are great targets for black hats andevil doers. Now let's jump in and take a look of how Microsoft usesLanMan.
dood:1301:081CFBE2AF23C5BEB8AFD410DE448ADD:0D952209A0138C9093DDF5845EE13957:::
Here is a typical user and password pulled from the registry; dood isthe username then you have the RID (RelativeId) and finally the LanMan(underlined) and NTLM passwords, all separated by a colon ( : ). Now,by default, Windows sends both the LanMan and NTLM passwords acrossthe wire when you authenticate to another machine (be it either hostor server). Let's dig a little deeper on this whole LanMan thing andtake a look at the problems.
LanMan is encrypted using DES (Data Encryption Standard) but they donot use a salt to throw in randomization. Also when you change yourpassword it is stored in ALL UPPERCASE characters and LanMan can onlybe a maximum of 14 characters (NTLM has a maximum of 127). Now thereis one last big flaw, take a look at the next to passwords and see ifyou notice a similarity.
dood1:1124:0AF1F736E3858B0CAAD3B435B51404EE:E5FAD982A09C13976DAEDD832EE2B4D9:::dood2:1158:5322BF21A44579F7AAD3B435B51404EE:75EF48966F114653569A10FA87707F23:::
Notice how AAD3B435B51404EE repeats in both passwords? Well… someonethought it was a safe idea by taking the 14 character password andsplitting it into two 7-character passwords and merging them together.Let's say the password for dood1 is "brown", that password is only 5characters long. LanMan pads the rest of the 9 missing characters (toequal 14) with the number 0. So the password will look like"brown000000000" to the system. But remember that issue about beingsplit in two; it effectively becomes "brown00" and "0000000". So whenyou see AAD3B435B51404EE in the password it is 0000000, taking thatone more step you are now able to visually see if the password is lessthen 8 characters.
Now let's take a little look at some math. With LanMan you effectivelyhave only a 7 character password at best; A-Z = 26 characters, 0-9 =10 characters, and 24 special characters (!, @, #, $, %, ^, &, *, (,), etc) so you have a grand total of 60 characters you can use (youcan use other Unicode characters doing ALT combinations but we willignore those for this purpose). So 60^7 gives you 2,799,360,000,000different combinations. Now say you have a 1.4 GHz laptop running johnthe ripper (or l0pht) with 1 GB of RAM that has a key rate of3,000,000 combinations per second, it would take 10.8 days to gothrough all possible combinations. That being said, mostorganizations expire a password at 90 days. We know that passwordscannot stay secure forever that is why we change them, but they mustbe able to withstand an attack until they can be changed. Let's expandon the math a little more.
60^7 = 2,799,360,000,000 = 10.8 days (A-Z, 0-9, special)86^7 = 34,792,782,221,696 = 134.23 days (A-Z, a-z, 0-9, special)62^8 = 218,340,105,584,896 = 2.3 years (A-Z, 0-9, special)86^8 = 2992179271065856 = 31.62 years (A-Z, a-z, 0-9, special)
*Keep in mind that this is the MAXIMUM amount of time it would takeand will most likely find the password in less time.
By looking at the math it is very probable to find any 7-characterpassword before it expires. It is still feasible to find the passwordthat uses 8 characters in 90 days or less but the process wouldprobably have to be is split across several machines. One of thethings suggested to me by a Microsoft Incident Response person was tomake pass phrases instead of passwords. Let's jump into a tad bit moreof math and look at a 14 character password that is NOT using LanMan(NTLM or NTLMv2).
36^14 = 6,140,942,214,464,815,497,216 combinations = 64,909,333 years (a-z, 0-9)
You could use "i have 1 dollar" as the example (which is actually36^15 but good enough for the exercise) and the possibility of a blackhat being able to discover the password before it expires is extremelyremote. Ultimately you should look at moving to only NTLMv2 for itssecurity though you may need to install the clients to allow yourWindows 95, 98, NT machines to connect. As with anything make sure youtest and document your changes in a suitable environment that will notaffect current operations.
Review:· LanMan coverts all characters to UPPERCASE· Pads the password with 0's up to 14 characters· Password is split into two 7 character chunks· No randomization seed used (salt)
So now that we understand how the password deal works a little betterlet's look at fixing the problems. We have to disable/remove LanMan.
1. LanMan is stored in the SAM (Security Accounts Manager)2. LanMan is transmitted with the NTLM 'hash' when authentication occurs
In order to disable the transmission and storage of the LanManpassword follow the instructions from Microsoft or the PDF. Note thatafter you disable the storage of passwords you will have to change thepassword in order for it not to store the new password. Myunderstanding is that the old password will always remain.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/msdn_secinst.asp(NT) change setting to 2 - Never sends LM password form.
http://www1.umn.edu/oit/img/assets/5630/DisableLanMan.pdf
Talks about current password guidance from Microsofthttp://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/select_sec_passwords.mspx
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT